1.3 Analyze AndroidManifest.xml

1.3.1 RETRIEVE MANIFEST ONLY

(already covered if you have properly decompiled the app)

aapt dump xmltree app_name.apk AndroidManifest.xml > manifest.txt

or

aapt l -a app_name.apk > manifest.txt

within drozer-shell ("dr>"):

run app.package.manifest com.x.x.x

CREATE BACKUP

full backup:

adb backup -all -apk -shared 

single app backup:

adb backup com.x.x.x

decode unencrypted backup:

xxd backup.ab

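(in the output of the command above) check whether the backup is encrypted: if you see "none" --> not encrypted

strip the 24-byte header and decompress (needs an OpenSSL build with zlib support):

dd if=backup.ab bs=24 skip=1 | openssl zlib -d > all-data.tar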

extract it:

tar xvf all-data.tar

1.3.2 INFO

APPLICATION

  • Version & Requirements:

    • <uses-sdk android:minSdkVersion="23" android:targetSdkVersion="28"/>

  • Existing activities:

    • <activity android:name="com.x.x.x....MainActivity" ... >

  • Used Services:

    • <service android:name="com.x.x.x....SampleService" ... >

    • find class which interacts with external resources and databases

PERMISSIONS

<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>

DEBUG APPLICATION

Debugging running apps or processes with GDB

1.3.3 THINGS TO REPORT

  • Wrong version/requirements specified

  • android:allowBackup = TRUE

  • android:debuggable = TRUE

  • android:exported = TRUE or not set at all (within the <provider> tag) --> allows external apps to access data

  • android.permission.WRITE_EXTERNAL_STORAGE / READ_EXTERNAL_STORAGE (ONLY IF sensitive data was stored/read externally)

  • improper use of permissions:

    • e.g. the app opens a website in an external browser (not in-app) but still requests "android.permission.INTERNET" --> improper use of permissions (over-privileged)

    • "android:protectionLevel" was not set properly (<permission android:name="my_custom_permission_name" android:protectionLevel="signature"/>)

    • missing android:permission (permission tags limit exposure to other apps)
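
The manifest-only items from the list above can be checked automatically. Added example (not part of the original cheat sheet): it expects the decoded plain-text AndroidManifest.xml from a decompiled app, not the binary file inside the APK or the aapt dump. The sample manifest, the finding labels and the function name are constructed for illustration; the context-dependent items (storage permissions, over-privileged apps) still need manual review.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Constructed sample: a decoded (plain-text) manifest, e.g. from a decompiled app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.sample">
  <permission android:name="com.example.sample.MY_PERMISSION"/>
  <application android:allowBackup="true" android:debuggable="true">
    <activity android:name=".MainActivity" android:exported="true"/>
    <service android:name=".SampleService" android:exported="true" android:permission="com.example.sample.MY_PERMISSION"/>
    <provider android:name=".DataProvider" android:authorities="com.example.sample.data"/>
  </application>
</manifest>"""


def audit_manifest(xml_text):
    """Return (check, subject) findings for a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    app = root.find("application")
    if app is None:
        app = ET.Element("application")
    findings = []
    for flag in ("allowBackup", "debuggable"):
        if app.get(ANDROID + flag, "").lower() == "true":
            findings.append((flag, "application"))
    for perm in root.findall("permission"):
        # Assumption: any level that is not signature-based counts as a finding.
        if "signature" not in perm.get(ANDROID + "protectionLevel", ""):
            findings.append(("protectionLevel", perm.get(ANDROID + "name")))
    for tag in ("activity", "service", "receiver", "provider"):
        for comp in app.iter(tag):
            name = comp.get(ANDROID + "name")
            exported = comp.get(ANDROID + "exported")
            # Following the list above: a <provider> without android:exported
            # is treated as exported; other components only when set to true.
            is_exported = exported == "true" or (tag == "provider" and exported is None)
            guarded = any(comp.get(ANDROID + a) for a in
                          ("permission", "readPermission", "writePermission"))
            if is_exported and tag == "provider":
                findings.append(("exported-provider", name))
            if is_exported and not guarded:
                findings.append(("missing-permission", name))
    return findings


if __name__ == "__main__":
    for check, subject in audit_manifest(SAMPLE_MANIFEST):
        print(f"{check:20} {subject}")
```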

1.3.4 MORE DETAILS
